{% set CLUSTER_NAME = env['deployment'] + '-' + env['name'] %}

resources:

- name: {{ properties['gkeClusterName'] }}
  type: container.v1.cluster
  properties:
    zone: {{ properties['zone'] }}
    cluster:
      name: {{ properties['gkeClusterName'] }}
      legacyAbac:
        enabled: false
      initialNodeCount: {{ properties['initialNodeCount'] }}
      nodeConfig:
        machineType: {{ properties["instanceType"] }}
        oauthScopes:
        - https://www.googleapis.com/auth/logging.write
        - https://www.googleapis.com/auth/monitoring
        - https://www.googleapis.com/auth/devstorage.read_only

- type: runtimeconfig.v1beta1.config
  name: {{ CLUSTER_NAME }}-config
  properties:
    config: {{ CLUSTER_NAME }}-config

- type: runtimeconfig.v1beta1.waiter
  name: {{ CLUSTER_NAME }}-waiter
  metadata:
    dependsOn:
    - {{ CLUSTER_NAME }}-config
  properties:
    parent: $(ref.{{ CLUSTER_NAME }}-config.name)
    waiter: {{ CLUSTER_NAME }}-waiter
    timeout: 600s
    success:
      cardinality:
        path: /success
        number: 1
    failure:
      cardinality:
        path: /failure
        number: 1

- name: {{ CLUSTER_NAME }}-vm
  type: compute.v1.instance
  metadata:
    dependsOn:
    - {{ properties['gkeClusterName'] }}
  properties:
    zone: {{ properties['zone'] }}
    machineType: https://www.googleapis.com/compute/v1/projects/{{ env["project"] }}/zones/{{ properties["zone"] }}/machineTypes/{{ properties["instanceType"] }}
    tags:
      items:
      -  istio-init
    serviceAccounts:
      - email: "default"
        scopes:
        - https://www.googleapis.com/auth/cloud-platform
        - https://www.googleapis.com/auth/compute
        - https://www.googleapis.com/auth/logging.write
        - https://www.googleapis.com/auth/monitoring
        - https://www.googleapis.com/auth/servicecontrol
        - https://www.googleapis.com/auth/service.management.readonly
        - https://www.googleapis.com/auth/userinfo.email

    networkInterfaces:
    - network: https://www.googleapis.com/compute/v1/projects/{{ env["project"] }}/global/networks/default
      accessConfigs:
      - name: External NAT
        type: ONE_TO_ONE_NAT
    disks:
    - deviceName: boot
      type: PERSISTENT
      boot: true
      autoDelete: true
      initializeParams:
        diskName: {{ CLUSTER_NAME }}-vm-disk
        sourceImage: https://www.googleapis.com/compute/v1/projects/debian-cloud/global/images/family/debian-9
    metadata:
      items:
      - key: startup-script
        value: |
          #!/bin/bash -x

          apt-get update && apt-get install -y git google-cloud-sdk curl kubectl

          export HOME=/root
          cd /root/

          gcloud container clusters get-credentials {{ properties['gkeClusterName'] }} --zone {{ properties['zone'] }}
          kubectl create clusterrolebinding cluster-admin-binding --clusterrole=cluster-admin --user=$(gcloud config get-value core/account)

          wget https://github.com/istio/istio/releases/download/{{ properties['installIstioRelease'] }}/istio-{{ properties['installIstioRelease'] }}-linux.tar.gz
          tar xzf istio-{{ properties['installIstioRelease'] }}-linux.tar.gz

          wget -P /root/helm/ https://storage.googleapis.com/kubernetes-helm/helm-v2.9.1-linux-amd64.tar.gz
          tar xf /root/helm/helm-v2.9.1-linux-amd64.tar.gz  -C /root/helm/

          export PATH="$PATH:/root/istio-{{ properties['installIstioRelease'] }}/bin::/root/helm/linux-amd64/"
          cd /root/istio-{{ properties['installIstioRelease'] }}

          kubectl create ns istio-system

          ISTIO_OPTIONS=" --set global.proxy.image=proxyv2 "

          {% if  properties['enableMutualTLS'] %}
            ISTIO_OPTIONS=$ISTIO_OPTIONS" --set global.mtls.enabled=true"
          {% endif %}

          {% if  properties['enableAutomaticSidecarInjection'] %}
            ISTIO_OPTIONS=$ISTIO_OPTIONS" --set sidecar-injector.enabled=true"
          {% endif %}

          {% if properties['enableGrafana'] or properties['enablePrometheus'] %}
            ISTIO_OPTIONS=$ISTIO_OPTIONS" --set prometheus.enabled=true"
          {% endif %}

          {% if  properties['enableGrafana'] %}
            ISTIO_OPTIONS=$ISTIO_OPTIONS" --set grafana.enabled=true"
          {% endif %}

          {% if  properties['enableTracing'] %}
            ISTIO_OPTIONS=$ISTIO_OPTIONS" --set tracing.enabled=true "
          {% endif %}

          {% if  properties['enableServiceGraph'] %}
            ISTIO_OPTIONS=$ISTIO_OPTIONS" --set servicegraph.enabled=true"
          {% endif %}

          helm template install/kubernetes/helm/istio --name istio --namespace istio-system $ISTIO_OPTIONS  > istio.yaml

          kubectl apply -f istio.yaml
          kubectl label namespace default istio-injection=enabled

          sleep 150

          kubectl apply -f samples/bookinfo/platform/kube/bookinfo.yaml
          kubectl apply -f samples/bookinfo/networking/bookinfo-gateway.yaml

          gcloud beta runtime-config configs variables set success/{{ CLUSTER_NAME }}-waiter success --config-name $(ref.{{ CLUSTER_NAME }}-config.name)
          gcloud -q compute instances delete {{ CLUSTER_NAME }}-vm --zone {{ properties['zone'] }}
